CVE-2022-22956
VMware Workspace ONE Remote Code Execution
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.
VMware Workspace ONE Access presenta dos vulnerabilidades de omisión de autenticación (CVE-2022-22955 y CVE-2022-22956) en el marco de OAuth2 ACS. Un actor malicioso puede omitir el mecanismo de autenticación y ejecutar cualquier operación debido a los endpoints expuestos en el marco de autenticación
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-01-10 CVE Reserved
- 2022-04-13 CVE Published
- 2024-08-03 CVE Updated
- 2024-10-22 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (5)
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.vmware.com/security/advisories/VMSA-2022-0011.html | 2022-04-06 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Vmware Search vendor "Vmware" | Identity Manager Search vendor "Vmware" for product "Identity Manager" | 3.3.3 Search vendor "Vmware" for product "Identity Manager" and version "3.3.3" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
Vmware Search vendor "Vmware" | Identity Manager Search vendor "Vmware" for product "Identity Manager" | 3.3.4 Search vendor "Vmware" for product "Identity Manager" and version "3.3.4" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
Vmware Search vendor "Vmware" | Identity Manager Search vendor "Vmware" for product "Identity Manager" | 3.3.5 Search vendor "Vmware" for product "Identity Manager" and version "3.3.5" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
Vmware Search vendor "Vmware" | Identity Manager Search vendor "Vmware" for product "Identity Manager" | 3.3.6 Search vendor "Vmware" for product "Identity Manager" and version "3.3.6" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
Vmware Search vendor "Vmware" | Vrealize Automation Search vendor "Vmware" for product "Vrealize Automation" | >= 8.0 < 9.0 Search vendor "Vmware" for product "Vrealize Automation" and version " >= 8.0 < 9.0" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
Vmware Search vendor "Vmware" | Vrealize Automation Search vendor "Vmware" for product "Vrealize Automation" | 7.6 Search vendor "Vmware" for product "Vrealize Automation" and version "7.6" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
Vmware Search vendor "Vmware" | Workspace One Access Search vendor "Vmware" for product "Workspace One Access" | 20.10.0.0 Search vendor "Vmware" for product "Workspace One Access" and version "20.10.0.0" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
Vmware Search vendor "Vmware" | Workspace One Access Search vendor "Vmware" for product "Workspace One Access" | 20.10.0.1 Search vendor "Vmware" for product "Workspace One Access" and version "20.10.0.1" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
Vmware Search vendor "Vmware" | Workspace One Access Search vendor "Vmware" for product "Workspace One Access" | 21.08.0.0 Search vendor "Vmware" for product "Workspace One Access" and version "21.08.0.0" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
Vmware Search vendor "Vmware" | Workspace One Access Search vendor "Vmware" for product "Workspace One Access" | 21.08.0.1 Search vendor "Vmware" for product "Workspace One Access" and version "21.08.0.1" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|